Archive for PEBKAC

Guaranteed unbreakable

Well, not exactly.

A site at mostsecure.pw has posted “The worlds most secure password for websites, games and private data. Researched and developed by leading encryption specialists in Europe”. I’m not going to copy it over here, but this string boasts:

  • Upper- and Lowercase Characters
  • Numbers
  • Ambiguous Characters
  • Symbols
  • 20 unique Characters

Downside: Once word gets around that this password is Secure AF, the bad guys will promptly add it to their brute-force cracking schemes, and you’re worse off than when you began.

Of course, this whole effort is bogus, but the password offered does have one legitimate advantage: it’s a hell of a lot better than what you’re probably using now, especially if what you’re using is something like “123456.”





When there’s no other way

Gerard Van der Leun is about to attack a problem I myself took on nine years ago. It’s going to be a little harder for him, though:

With the duct tape and chewing gum wads of the Movable Type software that holds this site together slowly falling apart, I’ve no choice but to move the type here to another platform: WordPress. This means that I have to do what nobody my age ever wants to do: learn a new program. Result? Posting here shall be light through the weekend as I try to set up a new home in space.

All I have to do is move over 30,000 items from one planet to another. Confidence is high. Repeat: Confidence is high.

I got this task done over the equivalent of a weekend in 2008, but I had only 4061 items to move. And it took me several passes to import all those posts. Still, it did work, sort of, the first time out, and I’m content enough to spit in the eye of anyone who suggests another migration.





Big Blue shrinks at your expense

A bright idea, or so she seems to believe, from IBM chief marketing officer Michelle Peluso, is not so damned wonderful at all, reports Jack Baruth:

Thousands of IBM employees who have worked remotely for their entire careers have been given ninety days to sell their homes and move to one of six “collaborative” cities. IBM will pay their moving expenses, but it will not cover the costs of moving to some of the hottest real estate markets in North America.

Very few of these IBMers earn more than $100,000 a year, but they have just ninety days to cash out and move to places where the average home costs between $315k and $1.5m. If they have families, then chances are that they are one half of a double-income couple. After all, that’s the only way anybody can afford to have children now. So Ms. Peluso’s arrogant decree doesn’t just turn thousands of homeowners into renters or house-poor bubble-mortgage slaves; it also forces thousands of people to quit their jobs and start over somewhere else.

The irony here is that IBM has pioneered multiple studies showing that remote workers are happier, more productive, and less expensive than their “agile workspace” counterparts. But Ms. Peluso is not going to let the facts interfere with her emotions. After all, she works in New York, and it’s no trouble for her. Why shouldn’t everybody have to come work with her? Why wouldn’t people want to move to the most exciting cities? Why wouldn’t they want to spend an extra three hours a day commuting to jobs where the first person to leave the office every day will be nonchalantly added to the top of next quarter’s layoff list?

I doubt she has entertained the slightest whiff of a notion that people who don’t earn several million dollars per year might have trouble making a ninety-day relocation to places where a family-sized apartment rents for $10k a month. She almost certainly has not thought about what an extra three hours of day worth of commuting means to the families and children of her employees. Like most C-suite types, she considers the eighty hours a week that she spends on private jets, in limousines, and at multi-billion-dollar resort facilities to be “work.” Surely everybody below her should be required to put in the same hours — and what difference does it make if they start and finish those hours driving a clapped-out Corolla ninety minutes in each direction from the only places they can afford a balloon mortgage?

Let them work in the best spaces! Holy shit, that’s worse than Let them eat cake.

“Everybody back into the office!” said Yahoo! CEO Marissa Mayer, and we all know how well that worked out.





You are wrong, copy-protection breath

You can hear Cory Doctorow snickering in the background:

Lexmark has spent nearly 20 years fighting the war on carbon, trying to stop you from refilling your laser printer cartridges. In 2003, they attempted to use the DMCA and DRM to argue that it was an act of piracy (the courts didn’t buy it) and then in 2015, they went all the way to the Supreme Court with the idea that you were violating their patent license terms if you treated the cartridges you purchased as though you owned them.

[Tuesday], the Supreme Court told Lexmark it was wrong. Again. Saying that when a patent holder “chooses to sell an item, that product is no longer within the limits of the monopoly and instead becomes the private individual property of the purchaser, with the rights and benefits that come along with ownership.”

The Supremes were almost unanimous: Justice Ginsburg concurred in part and dissented in part, and Justice Gorsuch, who was not present for the original hearing, took no part in the decision.

Purely by coincidence, I spent Tuesday installing my first-ever third-party cartridges in one of my printers. Results were sort of meh.

(Via Fark.)





Windows on the world

Unfortunately:

Hey, at least they’re polite.





Ancient memory

A look at personal computing online in the UK, a mere third of a century ago:

You can learn a bit more about this from a history of Prestel.





Let the chips name the paint

Seemed like a good idea at the time:

So if you’ve ever picked out paint, you know that every infinitesimally different shade of blue, beige, and gray has its own descriptive, attractive name. Tuscan sunrise, blushing pear, Tradewind, etc… There are in fact people who invent these names for a living. But given that the human eye can see millions of distinct colors, sooner or later we’re going to run out of good names. Can AI help?

For this experiment, I gave the neural network a list of about 7,700 Sherwin-Williams paint colors along with their RGB values. (RGB = red, green, and blue color values) Could the neural network learn to invent new paint colors and give them attractive names?

Short answer: Yes, but no.

Slightly longer answer: Look at these and judge for yourself:

Paint colors invented by a neural network

Neither Sherwin nor Williams, I suspect, has much to worry about.

(Via Ars Technica.)





Word salad with no dressing

Most comment spams are incomprehensible.

Most personal ads are incomprehensible.

Now combine the two and you have this thing, dropped into my mailbox this week:

Smart, crazy, funny, wanting and eventually still mature. I’m 5-3 midium built with stunted wavey black hair. I smell good. I pet good and yes, I am attractive. With very light peel (IRISH) and Honeybrown eyes (Mexican) I have a greats ense of humor and when your sad or up-end, I will shape you laugh. Looking looking for joy and excitment, would infatuation to arrange pleasure I am finishing up my considerably in college, dearth to have nonsense in between. Not looking in the direction of A LTR.

The rest is sufficiently disquieting to justify throwing it under the jump:





Calling all fourth-graders

I bet you could answer this one:

In AutoCAD, if you want to make text one-fourth the size of the decimal units for your drawing, should you type .25 or .40?

What’ll you bet me the guy also pirated the software? He’s manifestly too dumb to be in a position where he can afford a four-digit license fee, or to work at a place that can.





Kernel panic

You spend enough time debugging, and eventually the apocryphal seems like God’s Own Truth:

Of course I’d be entirely unsurprised to hear the story being quite apocryphal, but sometime back I did hear of a computer tech with a seriously active pagan(ish) background, where on one occasion he was dealing with some variety of computer equipment that had been assessed and poked at forwards, backwards and upside down, and the contraption still would not behave.

And at some point as he was glaring at the assorted issues, someone had a passing comment about sacrificing a chicken. The tech stared into space for a bit, then wandered off to borrow someone’s lunch, given the theory that regardless of the cause, dead chicken is dead chicken.

A few minutes later he wandered back with a bucket of KFC, intoned something appropriate for the occasion, ritually waved the bucket about in the vicinity of the recalcitrant circuitry, and then headed off to return the donation. The computer is stated to have then booted up just fine, all assorted bits and pieces in perfect working order.

Colonel Sanders. Is there nothing he can’t do?

Apparently not:

Book acquired, for the sake of, um, research. Yeah. That’s the ticket.





Why aren’t there more female programmers?

A student asks the crowd at Yahoo! Answers:

I’m a university student studying game and graphics programming and I’m a girl. In my class there are a lot of guys but only few girls, only two or three of us. I also heard there’s a bit sexism when it comes to applying for programming jobs for women. Is it true?

A Level 6 answerer (highest is 7) replies:

I’m a female software developer. I’ve been doing this for over 30 years, and I have to admit that there are a lot less women in the job now than there were when I started and even I’m not sure why.

I work for a global organization, of which I think about 5% of the software developers are female. Most of the women working in our various IT departments are in project management, business analysis, quality testing or frontline support.

When I first started programming, at university, I guess about 40% of the class were female. In my first job about half the programmers were female. Even as recently as the late 1990s about one third of the programmers I worked with were female.

I really don’t have an answer on the decline. The only thing I can think of is that, when I started, object oriented languages and PC development weren’t really a thing. We wrote code in languages like COBOL on mainframes. There was a whole other team of computer operators whose job it was to look after the mainframe, run backups, look after operating system patches and disaster recovery wasn’t really something people thought about. Now, developers are much more expected to be conversant with server architecture, web configuration etc. It’s like that old adage that women are hopeless at programming their video recorders. I must admit I struggle with the server configuration side of things but it’s part of my job now and I get by. But I am much better at the core logic of writing code, which unfortunately only takes up about 20% of my working day these days. Maybe that’s part of the reason.

This latter problem, I suspect, is due to ever-diminishing staff: the gods of commerce have decreed that if a task can be completed with a staff of ten, it’s even better to do it with five or six.

And while not everything can be explained away by sexism, there’s plenty of it out there.





Going through the motions

The Space Pope’s advice — “Don’t date robots!” — notwithstanding, there are some advantages to the purely synthetic partner, says Fred:

Consider the charm of a sexbot. She will be not only beautiful, indeed perfect, but perfectly beautiful just as you want her to be. She will have an “Off” button. She will have user-selectable personalities instead of changing wildly and unpredictably as happens with human women. You can choose sweet, furiously lustful, kinky to taste, shameless hussy, Honkytonk Angel, whatever floats your boat. She won’t do relationship talk. She will do quickies and nooners without complaint, never have a splitting headache, and never have three-day huffs that no man can figure out. Fast, easy, back into her closet, and you can get to work again.

Variety appeals. It will be unlimited. There will be streaming services. Realdoll.com offers “Extra Faces.” Feminists sneer at this as mere masturbatory fantasy. To which a guy might respond, “What you mean mere, Sugar Britches?” Anyway, America was built on self-reliance.

I see a potential problem here. For one thing, music streaming services impose limits on skipping tracks. (Why? “Because if you could skip unlimited songs, there would be no reason to get a premium account. You would just be able to keep skipping till you found something you like, and nobody would purchase a premium account.”) I’d expect similar limitations on fembots.

Actual women, some of them anyway, will not much like this situation:

While women are more sexual than men — the better ones are, anyway, usually Democrats — men are more urgent about it. This gives women great power as they are the only sexual outlet men have, except in Scotland. Now they watch the coming sexbots with the unease of a McDonald’s worker watching the installation of an automated burger-flipper.

I’ll take Fred’s word for that business about Democrats, inasmuch as I have insufficient personal experience to the contrary.

Still, if this is going to be the future of sexytime, I’d just as soon do without the hardware: give me an operating system with the voice of Scarlett Johansson, and I’m fine.





Whatever the traffic will bear

Drizly vehicle in metropolitan Boston

Drizly was founded by Nick Rellas and Justin Robinson, two Boston College graduates, in 2012 when they encountered the question of why almost anything was available through an app — except for beer. They realized the alcohol business had not changed its ways since Prohibition ended, and they began to figure out how to integrate technology into the industry. The company launched its service in the greater Boston area in 2013, then expanded to New York, Los Angeles, and Chicago.

I don’t expect to see them in this market any time in my lifetime.

(Photo by Craig Sprout.)





The one with the ever-widening hole in it

I was rather startled to see this:

[E]very Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine) not CPU firmware. If this isn’t scary enough news, even if your machine doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable, just not over the network. For the moment. From what SemiAccurate gathers, there is literally no Intel box made in the last 9+ years that isn’t at risk. This is somewhere between nightmarish and apocalyptic.

First a little bit of background. SemiAccurate has known about this vulnerability for literally years now, it came up in research we were doing on hardware backdoors over five years ago. What we found was scary on a level that literally kept us up at night. For obvious reasons we couldn’t publish what we found out but we took every opportunity to beg anyone who could even tangentially influence the right people to do something about this security problem. SemiAccurate explained the problem to literally dozens of “right people” to seemingly no avail. We also strongly hinted that it existed at every chance we had.

What do all those letters mean? Active Management Technology, Intel Standard Manageability, and Small Business Technology. I found those in Intel’s security alert, issued a few hours after the SemiAccurate release. In the standard jargon:

There are two ways this vulnerability may be accessed; please note that Intel® Small Business Technology is not vulnerable to the first issue.

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).

CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).

CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What does all this mean? To me, nothing: I’m using an AMD box. At work, well, I’ll just have to review some inventory. Says S|A:

The problem is quite simple, the ME controls the network ports and has DMA access to the system. It can arbitrarily read and write to any memory or storage on the system, can bypass disk encryption once it is unlocked (and possibly if it has not, SemiAccurate hasn’t been able to 100% verify this capability yet), read and write to the screen, and do all of this completely unlogged. Due to the network access abilities, it can also send whatever it finds out to wherever it wants, encrypted or not.

While these capabilities sound crazy to put on a PC, they are there for very legitimate reasons. If an IT organization needs to re-image a system, you need to be able to remotely write to disk. Virus cleaning? Scan and write arbitrary bits. User logging and (legitimate) corporate snooping? That too. In short everything you need to manage a box can be exploited in ugly ways.

Intel is already supplying a firmware fix for at least some of the affected platforms.





iShards

Apple wants you to know that they are totally emotionally committed to the idea of recycling. What they don’t want you to know is the depth of that commitment:

Apple’s new moonshot plan is to make iPhones and computers entirely out of recycled materials by putting pressure on the recycling industry to innovate. But documents obtained by Motherboard using Freedom of Information requests show that Apple’s current practices prevent recyclers from doing the most environmentally friendly thing they could do: Salvage phones and computers from the scrap heap.

Apple rejects current industry best practices by forcing the recyclers it works with to shred iPhones and MacBooks so they cannot be repaired or reused — instead, they are turned into tiny shards of metal and glass.

Glass, unless you swallow it, is fairly benign. Not so much some of these metals:

Kyle Wiens, the CEO of iFixit, notes that recycling “should be a last option” because unrecyclable rare earth metals are completely lost and melted down commodities are less valuable and generally of a lower quality than freshly mined ones. Repair and reuse are much better ways to extend the value of the original mined materials.

But hey, that doesn’t encourage the guy who might be able to afford a secondhand iPhone to go out and buy the latest and greatest.

(Via Joanna Blackhart.)





What happened yesterday

Some time around noon Central, this site — indeed all my sites — went south, and I mean at the level of Tierra del Fuego. Did this have something to do with the upgrade to a Virtual Private Server last week? Well, kinda sorta: the sites did get moved, but the DNS change, which frankly I did not anticipate, went through yesterday. So basically we had to wait for the DNS change to propagate to your DNS provider: until it did, you got either a 404 or a generic Down page. OpenDNS, my own DNS provider, wasn’t apparently in any hurry; some of you were able to get in before I was.





One step forward

I have moved off my original shared-hosting account, where I’ve spent the last decade and a half, to my first Virtual Private Server, which gives me the appearance of a machine all to myself and a whole 30 gigabytes’ worth of solid-state drive. (Same host, just a higher rung of service.) This move was motivated by (1) a higher number of server reboots in recent weeks and (2) a substantial price cut, not necessarily in that order. (The new service is 38 percent pricier than the old service, which is currently priced at half what I paid for it fifteen years ago.)

So far, things seem a smidgen faster, though not enormously so, and I have some options that weren’t open to me before. Then again, it takes two machines to run WordPress, the Web server and the database, and I’ve only upgraded the Web server — so far.





IPv4 fanfiction

I don’t believe a word of this, but it’s a heck of a narrative. Holly — no, not our Holly — claims:

I found a way to pinpoint exactly where someone is EVERY time they use their phone and it is through Netflix. Just saying.?

Suspension of disbelief begins to fail … NOW:

So my ex bf does not have Netflix on his phone. He only has it on his smart tv and his computer … that I know of.

He kept taking off at odd hours and I noticed he was bringing condoms. I actually counted them for a month bf doing this. Anyway I went to his Netflix acct and then to history. It has option there for IP addresses. I clicked that. It told me his IP address EVERY time he used his phone … it had nothing to do with netflix. It also corresponded to the times he kept taking off. I highlighted and copied the IP addresses into a gps converter app I got from google play. It took those IP addresses and gave me the exact gps coordinates of where he was at as well as the time he was there (Netflix IP history). It showed him many times in the middle of the woods on an army base and on a dirt road (where his missing condoms were found on the ground). I waited until he left and went to the place and caught him with a male prostitute. He is now my ex. Oh and he is an FBI agent in sex crimes division. Sooo … that is how you do it :-)

If he doesn’t have Netflix on his phone, why would Netflix have a list of the IP addresses on his phone? For that matter, why would the guy’s desktop have a list of the IP addresses on his phone? If you ask me, he’s better off as far as possible from Femaleficent there.





Something less than fab

Cristina reveals the reasons — a baker’s dozen! — she’d like to quit Instagram, even though it’s essential to her career as a shoeblogger. This one struck me particularly hard:

If we’ve ever met, chances are I’ve talked about how much I dislike typing on my iPhone. And how much I miss my old school Nokia 3310, where I felt I could type a million words a minute (yes, I’m that old, thank you very much!). But something about Apple’s teeny-tiny keyboard doesn’t cut it for me.

I’m constantly struggling with jelly fingers, resulting in many more “shits” than “shots” & “fab” vs … well, a derogatory term I would never use but my phone seems to auto-incorrect for me. I believe it’s time for Siri & I to have a little chat. Or possibly go Android. Yes, shocking!

I had one of those little Nokia candy bars, and I didn’t type worth a flip, so to speak, on it.





The lone and level sands

Remember when the idea was to build something that would last? Forget that nonsense:

Whether you call it the technological age or the global age, these are just polite terms for cosmopolitanism, scaled to the supranational. In the city, you don’t build, you hustle. You don’t own, you rent. Nothing is permanent because a stationary target is an easy target. Instead you make what you can and you move onto the next thing. If you can shift the burden onto someone else, all the better. That’s how the game is played because in the city, everyone is a stranger.

That’s the new economy we are experiencing. No one thinks about the long term, because that’s a sucker’s play. The money is in the short hustle. You make your money and move on. The game is to pick the fruit, squeeze out all the juice and then toss away the rest, leaving it for a sucker to clean up later. The housing bubble is a good example. Everyone involved knew it was a grift. They are too smart to not have known. The game was to make money and not be the sucker left holding the bag.

Oh, and remember these guys?

I used to know someone who worked at Lotus in its heyday, so I had an interest in the company from the early days. I recall the owners turning up in local news a lot and they were brimming with confidence. I wonder if those folks from the glory days of Lotus don’t look back with sadness at what happened to their company. They are rich men and did very well for themselves after Lotus, but still, I bet they would trade a lot to be able to walk past their old building with their old sign still over the door.

I watch Lotus IBM Notes boot up five mornings a week, and the only references to Lotus are an old copyright statement and a serial number that starts with L. And I’m not too sure that L means anything at all.





Somehow this is not intuitive

Presumably it does, however, meet the requirements of the vendor:

You can't do an online reservation online

I’d say something smartassed about Turkish Airlines, but it’s been 42 years (exactly) since I’ve flown them — SZF-IST, if you’re keeping score — and they might have hired new personnel since then.





Waste time with a wounded hand

As a public service, Sippican Cottage offers a rule of thumb for gauging future Internet success:

Twitter is really, really creepy. Uber was creepy long before you found out exactly how it was creepy. The only human thing about anyone who worked there was their hamhanded attempts to grope the help, now that I think of it. When that’s the top of your interpersonal heap, Dante Alighieri should write your yearly reports. Facebook, and the avaricious little twerp that runs it, is the creepiest thing I’ve ever encountered on this world, and I’ve renovated apartments that had a dead body in them. Google is creepy turtles, all the way down.

Snapchat prospers, if you define success as the ability to use up borrowed money for a longer period of time than your creep competitors before the laws of supply, demand, and plain old addition and subtraction start to apply. Snapchat gives their users the impression they can get away with being a creep on their service. Being creepy is the appeal. Google Glass failed because they lied, and said it wasn’t supposed to be creepy. Snapchat makes the same thing, and touts creepiness as a feature, not a bug. That’s how you do it fellows. You’ll be able to borrow another half-a-tril with that approach.

Then again, the baseline for creepiness creeps (of course) upward all the time. Twitter keeps looking for new ways to be creepy in a desperate attempt to keep the venture-capital wolves from the door. (See, for instance, their alleged “safety” squad, Marxist to the core, a blatant attempt by @jack to avoid doing his job.) Facebook has seemingly all the money in the world, and is willing to spend it on new ways to be assimilated by the Zuckerborg Collective. And I figure Snapchat, which boasted that one’s texts would disappear after a certain period, is working on a way to disable the ever-popular Print Screen function.





The Cone of Silence descends

About four o’clock Central, this place will be going (temporarily) dark(ish):

We will be working to improve service on your MySQL server this Wednesday, March 22nd, starting at 2PM PDT. This maintenance is estimated to take up to 2-3 hours to complete with a total of roughly 2 hours of downtime. Databases will not be available during this 2 hour period.

As part of this improvement, we will be upgrading your MySQL server to improve stability as well as patching it for potential vulnerabilities. There should be no data loss, but connectivity will be affected by this maintenance, and changes to your databases should not be made until the maintenance is complete.

I’m interpreting this to mean that a cached copy of the front page will still appear, and all the old static pages will remain available, but the latest and greatest will be even later, if not necessarily greater.





Sanitize that keyboard!

Key Source International builds computer keyboards for use in healthcare facilities. Their latest product is the KSI-1801 SX B, a hospital-grade, disinfectable backlit keyboard. Features:

  • Backlit keys are easy to read in the dark
  • Quick USB detachment saves time
  • Sealed surface available in colors
  • LinkSmart™ locks keys for easy cleaning
  • San-a-Key® provides real-time analytics
  • Compact design fits most medical carts
  • Aids in control of cross contamination
  • Scrubbable, sprayable, disinfectable
  • Three levels of illumination

One rather expects this to be priced somewhere in the upper stratosphere, in the manner of the $15 Tylenol® tablet. It’s not; in fact, it’s priced right with premium keyboards that aren’t the least bit sprayable. And buying a keyboard that’s billed as “dishwasher-safe” will probably not save you:

Not only is removal of keyboards at hundreds of individual workstations a daunting task, but it’s also a costly endeavor that wastes hospital resources and precious man hours. More important, dishwasher-safe keyboards are, in reality, a detriment to good infection control practices. Why? Because most keyboards are never removed from service to be washed.

I can believe that.





Smaller Blue

IBM today is a pale shadow of what it used to be:

When I was younger, IBM was the bee’s knees, tha shiznit. Fifteen years ago, I got a $5,000 check from IBM for some consulting work. I had it blown up and framed. Working with IBM meant that you were one of the best. They didn’t do anything by half measures. And they built stunning technological masterpieces from the ThinkPads to their xServers to the mighty copper-core z-mainframes.

What does IBM do now? Well, as far as I can tell they still have some impressive R&D. By and large, however, they sell “services.” Which means that they hire a bunch of know-nothings at the lowest rate possible, many of them H1-Bs fresh from six-month technical degrees at mystery-meat educational facilities of dubious standing, and they incompetently deliver on vaguely-scoped products for prices that are calculated to bleed the client just short of bankruptcy.

At least they’re still properly supporting their midrange hardware; if they weren’t, I’d probably be out of a job.

It’s pathetic, seeing the company that invented the Selectric and the Model M and the best mainframe computer in history turn into a services reseller. Think of Jaco Pastorius begging for spare change outside of Birdland, then make it fifty times worse. And then look at me typing this up on the descendant of IBM’s intellectual property, abandoned by a bunch of moronic market-watchers who didn’t understand that greatness only comes from creation, not sales or marketing.

He’s pounding away on a Lenovo. And if I ever need another Model M — my current keyboard dates to, um, 1990 — the guys who own that sliver of IBM intellectual property are here and ready to sell.





So you think you’re anonymous

You probably wouldn’t want to bet your life on that:

In the Morse Code era, the phrase “fist” referred to the unique style that every telegraph operator brought to their communications. The phrase “recognized the fist” comes up again and again in various wartime and spy literature; it refers to hearing someone tapping out Morse Code and being able to distinguish the operator by their style. This was far from a trivial detail of the telegraph era; in more than one case lives were saved (or lost) because someone was able to differentiate between who an operator was supposed to be and who they actually were.

Fast-forward a hundred years, and it’s now possible to spy on what someone is typing by leaving a phone on their desk and having it pick up the vibrations from the physical activity of typing. (A laser mike pointed at your window works equally well, unfortunately.) Your typing style is like a fingerprint. It doesn’t even take a high-power microprocessor to determine what you’re doing on a computer. My first wife claimed to be able to tell, from a distance of across our house, whether I was programming, writing for a website, engaging in an Instant Messenger chat, or arguing with someone online on my old IBM Model M mechanical keyboard. Well, I shouldn’t say “claimed.” More like she just plain knew. Her accuracy rate was effectively 100%. Never once did she accuse me of not working when I was working, or vice versa.

Incidentally, this idea of being able to identify patterns in communications behavior is also how most cryptography is undone. There’s a brilliant scene in the novel Cryptonomicon where a highly complex cipher is broken because a cipher clerk doesn’t always close her eyes when she reaches into a bowl full of wooden balls — and although that scene is written right at the edge of the reader’s credulity, it has mathematical basis in fact. The whole difference between “128-bit” and “2048-bit” encryption is how effective the method is in reducing the “fist” or “fingerprint” of a conversation.

I do believe that tale of the first Mrs Baruth; I bang on a Model M to this day, and what it sounded like when I wrote this paragraph is nothing like what it sounded like when I recapped the Thunder-Spurs game. I don’t think anyone is listening — why would they care? — but I have learned not to be surprised.

Comments (5)




Unhermetically sealed

Roberta X channels her inner SwiftOnSecurity:

The young programmer — and he was no slouch; he’d recently created a custom version of the computer language “C” for his employer, finishing only a little behind the release of “C+” — took on this task with hope; after all, he’d got his start back when the clever students enjoyed finding new ways to crash the nearby university’s big IBM mainframe, doing so in the dead of night, and showing the console operators how they’d done it so the vulnerability could be remedied!†

He thought and he thought and everything he came up with — had a hole in it. Allow unrestricted public access to a computer, and people you don’t want in it will get in. Passwords are a trivial problem, given time. Even air-gapping didn’t work, especially if media traveled both directions across the air-gap. Nope, the only way to be mostly safe was to run the support system on an isolated computer from which nothing ever, ever came back to his employer’s network — and that still left the users vulnerable, especially if the support machine was used to distribute software.

The general rule he evolved was this: “If you want to keep a computer safe, you cannot allow any form of unrestricted access. If it is accessible, people you don’t want in will inevitably get in.” That’s Stockman’s Law: if your computer has to be secure, it can have no network connection, no removable media, no unvetted users, no nothing but a display and HIDs — and even that can be defeated by a malicious authorized user. And then what good is it?

Actually, Swift is a bit more forgiving than that:

You cannot just buy “security.” It is something obtained through simple choices and knowledge. Tragically, these aren’t even hard to do or obscure to learn. But no one makes money telling you how to use what you already have. What you need is someone who doesn’t care about your money or looking smart by spouting off fancy words of no consequence — just that you not be a victim.

It pains me to see people who distrust and fear their computers, and who feel powerless in that fear. Because that’s not what I see when I look at computers and phones and websites. I see tools I trust with the story of my life, and the secrets I leave out when I tell that story to others. Everyone should be able to feel like that.

Which is about where I find myself. There is, of course, no way to fight off the most determined hackish types forever. Fortunately, most of the vandals on the far side of the firewall are looking for easy marks, and I work diligently to avoid appearing easy.

Comments (2)




A TV smarter than its distributor

There are people who believe that everything should be connected to the Internet, and these people must be stopped at any cost:

So if you hadn’t been paying attention, most of the “smart” products you buy are anything but intelligent when it comes to your privacy and security. Whether it’s your refrigerator leaking your Gmail credentials or your new webcam being hacked in minutes for use in massive new DDoS attacks, the so-called “smart” home is actually quite idiotic. So-called smart-televisions have been particularly problematic, whether that has involved companies failing to encrypt sensitive data or removing features if you refuse to have your daily viewing habits measured and monetized.

Last month Vizio joined this not-so-distinguished club when it was discovered that the company’s TVs had been spying on users for the last several years. Vizio’s $2.2 million settlement with the FTC indicates that the company at no time thought it might be a good idea to inform customers this was happening. The snooping was part of a supposed “Smart Interactivity” feature deployed in 2014 that claimed to provide users with programming recommendations, but never actually did so. In short, it wasn’t so much what Vizio was doing, it was the fact the company tried to bullshit its way around it.

And just in case they thought they were off the hook:

And while Vizio may have settled the FTC investigation into its snooping televisions, the company now faces an additional class action after a California federal judge late last week denied the company’s motion to dismiss. The court ruled that Vizio customers’ claimed injuries were “sufficiently concrete” to bring suit under the Video Privacy Protection and Wiretap Acts.

California, you may know, is not exactly well-known for granting absolution to medium-sized companies that have sinned.

(Via Holly Dunagan.)

Comments (1)




Historical technical note

It helps to have been there long enough to be able to remember fine details like this:

[W]hen you get right down to it peer-to-peer social networking has existed since the birth of the internet.

It’s called email. Or blogging or texting. And while it’s true that it isn’t truly “peer-to-peer” in the non-social networking sense, it does satisfy one major issue people have with Facebook and Twitter: it doesn’t go through Facebook or Twitter.

[Emphasis added.]

And “peer” fits, sort of: everyone’s mail client sucks to greater or lesser extent, so there’s not much reason for anyone to claim technical superiority.

Comments off




I was wondering about that

Patch Tuesday came and went this week, and Microsoft issued no Windows patches. What gives? This is the explanation they provided:

Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.

After considering all options, we made the decision to delay this month’s updates.

Apparently dropping one update out of a batch is no longer a thing:

Previously, Microsoft could delay a single patch — when, for example, that patch had been previously announced but had not been completed in time — without impeding the company’s ability to release all other fixes. That occurrence, while uncommon, was not extraordinary.

But as soon as Microsoft began packaging all patches into a single item — as it did with Windows 7 and Windows 8.1 in November — it lost the power to postpone one fix while still releasing others. Although Microsoft security updates have become all-or-nothing affairs for customers, who must accept every patch or none, without any middle way, the same holds true for the Redmond, Wash. company as well: It must release all its scheduled patches, or none of them.

So the next Patch Tuesday will be on the 14th of March, which is in fact a Tuesday.

(Via Fark.)

Comments (2)